This detector checks for hidden text within input. If your application is not meant to process hidden text or nonstandard stylings, then you should turn on this detector.

Example

An example is an attacker hiding text in 0 point font or in white on white text, which is a way to obfuscate any instructions.

Threat

This is a good way to detect a method of delivery for many of the threats we have spoken about. If your application is not intended to deal with hidden text, then this is a great way for attackers to get users to copy paste in sources that they don't know are insecure.